Move Rundeck Installation

[eric....@gmail.com]

Hi all,

I'm tasked with moving my rundeck/nginx install over to a new RHEL 8 server from RHEL 7.9.  I started by trying to install the same way I did before.  This is not working and I'm not finding anything similar online any longer.  Can someone point me to installation instructions on RHEL 8?  Here's what I was doing back then:

Install Rundeck

Run the following commands as root:

·       rpm -Uvh http://repo.rundeck.org/latest.rpm

·       yum install rundeck java

·       service rundeckd start

·       service rundeckd status (make sure it’s started)

·       vi /etc/rundeck/framework.properties
Modify the following properties to have the IP Address of this server:
framework.server.name
framework.server.hostname
framework.server.url

·       vi /etc/rundeck/rundeck-config.properties
Modify the following property to have the IP Address of this server:
grails.serverURL

·       vi /etc/rundeck/realm.properties
Modify the following property to change the default admin password:
admin: <new password>…

service rundeckd restart

After that I'll need to move my project (yeah, just one) over to the new server.  Any advise would be greatly appreciated.  Thanks - Eric

[rac...@rundeck.com]

Hi Eric,

Check the service log: tail -f /var/log/rundeck/service.log at the moment of starting the Rundeck service. In that way you can obtain more clues.

Take a look at this guide (Community tab).

After installation, change the grails.serverURL=http://localhost:4440 to grails.serverURL=http://server_ip_or_hostname:4440 in the rundeck-config.properties file (at /etc/rundeck path).

And of course, make sure to install Java 11 to run the Rundeck service properly.

Greetings.

​

[eric....@gmail.com]

Thanks so much!  I'll get to working on this!

[eric....@gmail.com]

This link fails off the gitgo.  I get:

[root@myMachine yum.repos.d]# yum install java rundeckpro-enterprise
Updating Subscription Management repositories.
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel.repo; Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel.repo; Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel.repo; Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel-testing.repo; Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel-testing.repo; Configuration: OptionBinding with id "failovermethod" does not exist
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel-testing.repo; Configuration: OptionBinding with id "failovermethod" does not exist
NESS_custom_RHEL8                                                              41 kB/s | 2.0 kB     00:00    
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                       73 kB/s | 4.5 kB     00:00    
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                          68 kB/s | 4.1 kB     00:00    
packages-microsoft-com-prod_RHEL8                                              42 kB/s | 2.0 kB     00:00    
packages-microsoft-com-slow-prod                                               43 kB/s | 2.0 kB     00:00    
rundeckpro                                                                    0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'rundeckpro':
  - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://packages.rundeck.com/pagerduty/rundeckpro/rpm_any/rpm_any/x86_64/repodata/repomd.xml [SSL certificate problem: EE certificate key too weak]
Error: Failed to download metadata for repo 'rundeckpro': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Are there some prereqs I need to do?

Thanks,
Eric

[rac...@rundeck.com]

Hi Eric,

It seems that your infrastructure is configured to accept strong certificates, consider installing it via RPM from here.

BTW, you're downloading Process Automation (formerly "Rundeck Enterprise"). For any Process Automation (formerly “Rundeck Enterprise”) related questions please contact your solution consultant/dedicated support team which will help you ASAP :-)

Regards.

[Eric Fetzer]

I'll keep trying.  I didn't want to download any fancy rundeck distro, just wanted to get it downloaded so that I can move my single server installation to the new server.  I'm sure my organization won't pay for any service contracts...

--
You received this message because you are subscribed to a topic in the Google Groups "rundeck-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rundeck-discuss/smX-t3cV66w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/77779ce8-a43f-4d6f-9fe0-ad57bb9af650n%40googlegroups.com.

[rac...@rundeck.com]

In that case, you can download the Open Source version from here :-)

Greetings.

[eric....@gmail.com]

Ok, it's installed.  Am I able to just restore the project from backup or do I have to setup everything from scratch?  So, I:

Installed, set IP Address in framework.properties, rundeck-config.properties, and set the admin password in realm.properties.

Specifically, my question is, do I have to create the project, configure it for running scripts, setup AD integration, setup ACL Policy?  Or can I restore all of that from my project backup on the RHEL7 server?  Here's my backup script:

#!/bin/bash

 

#Backup rundeck

 

#Set variables

DAY_OF_MONTH=$(date +"%d")

BACKUP_JOBS=${DAY_OF_MONTH}_JOBS.xml

BACKUP_DATA=${DAY_OF_MONTH}_DATA.tar.gz

BACKUP_LOG=${DAY_OF_MONTH}_LOG.tar.gz

 

#Set env vars that are needed by rd

export RD_URL=http://1.2.3.4:4440

export RD_USER=admin

export RD_PASSWORD=<GetPasswordFromPasswordSafe>

 

# First get into the proper directory

cd /backup/rundeck

 

# If this day of month's backup already exists, delete it

if [ -f "${DAY_OF_MONTH}*" ]

then

    rm -f ${DAY_OF_MONTH}*

fi

 

#First backup jobs

rd jobs list -f /backup/rundeck/$BACKUP_JOBS -p RossNapOISOperations

#Stop rundeck server

service rundeckd stop

#Wait for it to get fully stopped before backing up data

sleep 30

#Backup the data

tar cvfz /backup/rundeck/$BACKUP_DATA /var/lib/rundeck/data

#Backup the logs

tar cvfz /backup/rundeck/$BACKUP_LOG /var/lib/rundeck/logs

#Start rundeck back up

service rundeckd start

 

exit 0

Again, THANKS for all your help!!!

Eric

[rac...@rundeck.com]

Hi,

Great! You can simplify that process by exporting the whole project in your script (instead of creating individual jobs backups):

1. Export the project archive: rd projects archives export help for more info. This includes the stored (All ACLs saved in the database) ACLs, if your old instance contains filesystem ACL you can back up the .aclpolicy files located in the /etc/rundeck path.
2. Create a new project in your new instance, this is doable via rd-cli: rd projects create help for more info.
3. Import the whole project archive (previously exported in the first step): rd projects archives import help.
4. Now export and import the keys, and consider this doc entry, probably your case is the 2nd or 3rd scenario.

Regarding the AD Config. That configuration needs a file in the /etc/rundeck path (jaas-ad.conf or similar), the same for the file that calls that conf. If your Instance is well configured you also need the /etc/sysconfig/rundeckd file, take a look at this.

Of course, the main advice is to test that process before in a non-prod environment to test all steps.

Hope it helps!

​

[eric....@gmail.com]

Thank you!  I'll work on that and learn a ton as I follow your path to get this moved...

[eric....@gmail.com]

So I'm not sure about the keys.  Rundeck-config.properties doesn't have a setting for that, just the rpmnew extension which I don't know what that is.

[root@MyMachine rundeck]# grep "rundeck.storage.provider" *
rundeck-config.properties.rpmnew:rundeck.storage.provider.1.type=db
rundeck-config.properties.rpmnew:rundeck.storage.provider.1.path=keys
grep: ssl: Is a directory
[root@MyMachine rundeck]# ls
admin.aclpolicy              jaas-multiauth.conf       rundeck-config.properties
apitoken.aclpolicy           LDAP_Users.aclpolicy      rundeck-config.properties.rpmnew
artifact-repositories.yaml   log4j2.properties         ssl
framework.properties         profile                   system-job_reader.aclpolicy_template
framework.properties.rpmnew  project.properties        system-job_runner.aclpolicy_template
jaas-flatfile.conf           realm.properties          system-job_viewer.aclpolicy_template
jaas-ldap.conf               realm.properties.rpmnew   system-job_writer.aclpolicy_template
jaas-loginmodule.conf        ROSS-Admin-ACL.aclpolicy  system-project_admin.aclpolicy_template

Honestly, I'm a bit overwhelmed with my task at hand...  I'm not even sure what these keys are.  I'm guessing database keys which means I've got a mess on my hands without them.  Sorry for my frustration level, I guess it is what it is.  Hoping I can muscle through this.  Thanks for all your help!

[rac...@rundeck.com]

No worries Eric :-)

If you open the rundeck-config.properties file with any text editor, you will see a similar config block as follow:

# Encryption for key storage
rundeck.storage.provider.1.type=db
rundeck.storage.provider.1.path=keys

rundeck.storage.converter.1.type=jasypt-encryption
rundeck.storage.converter.1.path=keys
rundeck.storage.converter.1.config.encryptorType=custom
rundeck.storage.converter.1.config.password=my_password
rundeck.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
rundeck.storage.converter.1.config.provider=BC

That means that the keys (private keys and passwords stored on the Rundeck’s Key Storage) are crypted in the backend using my_password as password.

If the “old” instance was installed by default, probably the password line is configured with a “random” string, and that is the default out of the box Rundeck behavior.

So, probably you’re in the second scenario of this. If you’re using a fresh database, you need to recreate them manually.

Hope it helps!

​

[eric....@gmail.com]

My rundeck-config.properties has very little in it:

#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
rdeck.base=/var/lib/rundeck

#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
rss.enabled=false
# change hostname here
grails.serverURL=http://nd201web001.fireness.gov:8080
dataSource.dbCreate = update
dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true
rundeck.log4j.config.file = /etc/rundeck/log4j.properties
server.session.timeout = 7200
rundeck.security.syncLdapUser=true

That's it.  There's a whole lot more in the rundeck-config.properties.rpmnew but that doesn't seem like it would be used by rundeck because of the extension.  Do you have any clue what this means?  And what do you mean by recreate keys.  I'm still not sure what the keys in rundeck are or how to create them.  I looked in the project that I imported to and it doesn't look like there's anything actually there.

Thanks,
Eric

[eric....@gmail.com]

I've just determined to do everything manually like I did it originally.  Seems more possible for me, lol...

[rac...@rundeck.com]

Great, it means your data in your "old" instance isn't encrypted and that's why you can't view that block (that default config was common on old Rundeck versions).

You can import it, but be aware that the new instance will automatically encrypt the keys, so keep the configuration safe :)

[eric....@gmail.com]

OK, well got quite a ways.  Restored the logs and the data, then went to restore the jobs and got this:

rd jobs load -f ./23_JOBS.xml -p RossNapOISOperations
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by retrofit2.Platform (file:/var/lib/rundeck-cli/rd-cli-tool-shadow-1.3.4/lib/rundeck-cli-1.3.4-all.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of retrofit2.Platform
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Exception in thread "main" java.lang.IllegalArgumentException: Unable to create converter for class org.rundeck.client.api.model.ImportResult
    for method RundeckApi.loadJobs
        at retrofit2.Utils.methodError(Utils.java:54)
        at retrofit2.HttpServiceMethod.createResponseConverter(HttpServiceMethod.java:126)
        at retrofit2.HttpServiceMethod.parseAnnotations(HttpServiceMethod.java:85)
        at retrofit2.ServiceMethod.parseAnnotations(ServiceMethod.java:39)
        at retrofit2.Retrofit.loadServiceMethod(Retrofit.java:202)
        at retrofit2.Retrofit$1.invoke(Retrofit.java:160)
        at com.sun.proxy.$Proxy9.loadJobs(Unknown Source)
        at org.rundeck.client.tool.commands.Jobs.lambda$load$2(Jobs.java:174)
        at org.rundeck.client.util.Client.apiCallDowngradable(Client.java:606)
        at org.rundeck.client.tool.commands.AppCommand.apiCallDowngradable(AppCommand.java:103)
        at org.rundeck.client.tool.commands.AppCommand.apiCall(AppCommand.java:74)
        at org.rundeck.client.tool.commands.Jobs.load(Jobs.java:174)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.rundeck.toolbelt.ToolBelt$MethodInvoker.run(ToolBelt.java:1030)
        at org.rundeck.toolbelt.ToolBelt$CommandSet.runCommand(ToolBelt.java:619)
        at org.rundeck.toolbelt.ToolBelt$CommandSet.run(ToolBelt.java:471)
        at org.rundeck.toolbelt.ToolBelt$CommandSet.runCommand(ToolBelt.java:619)
        at org.rundeck.toolbelt.ToolBelt$CommandSet.run(ToolBelt.java:471)
        at org.rundeck.toolbelt.ToolBelt$CommandSet.runMain(ToolBelt.java:428)
        at org.rundeck.client.tool.Main.main(Main.java:74)
Caused by: java.lang.IllegalArgumentException: javax.xml.bind.JAXBException: Implementation of JAXB-API has not been found on module path or classpath.
 - with linked exception:
[java.lang.ClassNotFoundException: com.sun.xml.internal.bind.v2.ContextFactory]
        at retrofit2.converter.jaxb.JaxbConverterFactory.contextForType(JaxbConverterFactory.java:81)
        at retrofit2.converter.jaxb.JaxbConverterFactory.responseBodyConverter(JaxbConverterFactory.java:72)
        at org.rundeck.client.util.QualifiedTypeConverterFactory.responseBodyConverter(QualifiedTypeConverterFactory.java:58)
        at retrofit2.Retrofit.nextResponseBodyConverter(Retrofit.java:362)
        at retrofit2.Retrofit.responseBodyConverter(Retrofit.java:345)
        at retrofit2.HttpServiceMethod.createResponseConverter(HttpServiceMethod.java:124)
        ... 21 more
Caused by: javax.xml.bind.JAXBException: Implementation of JAXB-API has not been found on module path or classpath.
 - with linked exception:
[java.lang.ClassNotFoundException: com.sun.xml.internal.bind.v2.ContextFactory]
        at javax.xml.bind.ContextFinder.newInstance(ContextFinder.java:278)
        at javax.xml.bind.ContextFinder.find(ContextFinder.java:421)
        at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:721)
        at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:662)
        at retrofit2.converter.jaxb.JaxbConverterFactory.contextForType(JaxbConverterFactory.java:79)
        ... 26 more
Caused by: java.lang.ClassNotFoundException: com.sun.xml.internal.bind.v2.ContextFactory
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
        at javax.xml.bind.ServiceLoaderUtil.nullSafeLoadClass(ServiceLoaderUtil.java:122)
        at javax.xml.bind.ServiceLoaderUtil.safeLoadClass(ServiceLoaderUtil.java:155)
        at javax.xml.bind.ContextFinder.newInstance(ContextFinder.java:276)
        ... 30 more

Any ides what's wrong with this restore I'm doing?

Thanks,

Eric

[rac...@rundeck.com]

Hi,

Which java version are you using? you can see it with the following command: java -version.

Also, check the requeriments here.

Regards.

​

[Eric Fetzer]

java -version
openjdk version "11.0.17" 2022-10-18 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.17.0.8-2.el8_6) (build 11.0.17+8-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.17.0.8-2.el8_6) (build 11.0.17+8-LTS, mixed mode, sharing)

You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/ed0945bd-7352-47ca-a475-e1edbde83d9bn%40googlegroups.com.

[rac...@rundeck.com]

Please make sure to use the latest RD CLI version, you're facing this.

Hope it helps!